Risk management, strategy and analysis from Deloitte

CONTENT FROM OUR SPONSOR

Please note: The Wall Street Journal News Department was not involved in the creation of the content below.

Managing Risks Raised by Algorithmic Applications

The rise of advanced data analytics and cognitive technologies has led to an explosion in the use of algorithms across industries and business functions to help guide strategic, operational, financial and other key business decisions. These algorithms, which are routine processes or sequences of instructions for analyzing data, solving problems and performing tasks,¹ are influencing decisions that have a profound impact on individuals as well—including their finances, healthcare, education and media exposure.

However, algorithms are vulnerable to risks such as accidental or intentional biases, errors and fraud. And although algorithms traditionally have been “programmed” to perform certain tasks, these programmed algorithms are increasingly being replaced by “self-learning” algorithms.

As a result, conventional risk management approaches may not be effective when applied to algorithmic risk scenarios. “Many traditional checks and balances are designed for managing ‘conventional risks’ where algorithm-based decisions aren’t significantly involved,” observes Dilip Krishna, chief technology officer, Deloitte Risk and Financial Advisory, Deloitte & Touche LLP. “But due to the complexity, unpredictability and proprietary nature of algorithms, as well as the lack of comprehensive standards in this space, risks associated with algorithm-based decision-making systems may not be adequately addressed,” Mr. Krishna adds.

Risks Beneath the Surface

There are several underlying factors that contribute to algorithmic risks. Input data, for example, can be outdated, irrelevant or biased; derived from an insufficient sample size; or collected using inappropriate techniques. Algorithm design may be based on biased logic, flawed assumptions and coding errors, while output decisions may be interpreted incorrectly or used inappropriately.

There have been numerous examples of algorithmic risks in the news. In several instances, employees have manipulated algorithms to suppress negative results of product safety and quality testing. Users have manipulated some artificial intelligence-powered tools to make offensive and inflammatory comments. According to a recent study, online ads for high-paying jobs were shown more often to men than to women.

The implications of algorithmic risk can be broad. In some cases, the risks can affect an organization’s reputation, particularly if various stakeholders believe that the workings of the algorithms are designed to covertly manipulate consumers, employees and other stakeholders. Errors or vulnerabilities in algorithms, especially those used for financial and strategic decision-making, can result in significant revenue loss for organizations and—depending on the circumstances—negatively impact the integrity of financial reporting.

“Risk officers and others focused on enterprise-wide threats should consider how algorithmic risk differs from traditional risks,” says Nancy Albinson, Innovation leader for Deloitte Risk and Financial Advisory, Deloitte & Touche LLP. “Algorithms are typically based on proprietary data, models and techniques, and—as a result—organizations are typically unwilling to share data, source code or internal workings of their algorithms. That can make it challenging for regulatory agencies and independent watchdog groups to monitor them,” she adds.

Even if organizations share their algorithm code, understanding it may be difficult because of its inherent complexity. Further, no widely accepted cross-industry standards currently exist to govern many types of machine-learning algorithms, including processes around data collection, algorithm training and algorithm usage.

“That’s a departure from the financial services sector where risk model validation has become a standard oversight protocol,” notes Mr. Krishna. He points out that even these financial services industry standards have limitations when applied to complex machine-learning techniques.

Framing the Challenge

To effectively manage algorithmic risks, organizations should rethink and reengineer some of their existing risk management processes, based on the inherent nature of algorithms and how they’re used. For example, “algorithmic risk management should not be a periodic point-in-time exercise, but rather addressed with continuous monitoring of algorithms, based on a framework for enterprise risk management, but also enhanced to address the unique challenges introduced by algorithms, and aligned with leading practices and regulatory requirements,” says Yang Chu, a Deloitte Risk and Financial Advisory senior manager, Deloitte & Touche LLP.

A framework for algorithmic risk management should have three overarching components:

—An algorithmic risk management strategy and governance structure to manage technical and cultural risks: This component should include principles, policies, and standards; roles and responsibilities; control processes and procedures; and appropriate personnel selection and training. It also should provide transparency and processes to handle inquiries, which can help organizations use algorithms responsibly.

—Processes and approaches for the development, deployment and use of algorithms: The processes and approaches should be aligned with the governance structure to address the algorithm life cycle, including data selection, algorithm design, integration and live use in production.

—Monitoring and testing: Processes for assessing and overseeing algorithm data inputs, workings and outputs should be established, leveraging state-of-the-art tools as they become available. Internal and external parties can provide objective reviews of algorithms and related issues.

A starting point for developing an algorithmic risk management framework is to ask critical questions about the preparedness of the organization to manage algorithmic risks. For example:

—Does the organization have a solid understanding of where algorithms are deployed?

—Has the potential impact of those algorithms functioning improperly been evaluated?

—Does the organization have a clearly established governance structure for overseeing the risks emanating from algorithms?

—Is there a program in place to manage these risks? If so, is the program being continuously enhanced as technologies and requirements evolve?

The use of intelligent algorithms offers a range of potential benefits to organizations, from innovative products, improved customer experience and strategic planning to operational efficiency and risk management. “Algorithms, when used appropriately, can be harnessed for competitive advantage,” says Ms. Albinson, “but to do that it’s important for organizations to evaluate their use in high-risk and high-impact situations and implement practices to manage risks intelligently.”

About Deloitte Insights

Deloitte’s Insights for C-suite executives and board members provide information and resources to help address the challenges of managing risk for both value creation and protection, as well as increasing compliance requirements.